x0rz / EQGRP

Decrypted content of eqgrp-auction-file.tar.xz

DAMPCROWD #27

Open NoahGWood opened 7 years ago

NoahGWood commented 7 years ago

Dampcrowd appears to my untrained eyes to be a priv-esc attempt. It creates a shell with setuid and guid set to 0 (root).

```
13: 080484fc 0 FUNC WEAK DEFAULT UND setuid
14: 080484ac 0 FUNC WEAK DEFAULT UND setgid
```

The exploit did not work on Linux Mint Serena; it just opened up a new /bin/sh shell.

Tbone-grady commented 7 years ago

Listen @JohnnyHobo, if you don't know what the fuck you're doing, don't mess with the binaries

Ekultek commented 7 years ago

"It just opened a new shell" and a shit load of backdoors lol

On Apr 14, 2017, at 6:31 PM, Tdog21 notifications@github.com wrote:

Listen johny, if you don't know what the fuck you're doing, don't mess with the binaries


Tbone-grady commented 7 years ago

@Ekultek lol

NoahGWood commented 7 years ago

Hey, if you can show me where it's installing backdoors I'm all ears. All I found was it tries to open a root shell.

Never take my word for anything though, if the NSA handed me enough money I'd just as soon turn around and tell you it's necessary to run all these scripts on every *nix based device you own :P Now why's there a van parked outside my house?

Atavic commented 7 years ago

What a joke! VT hash search results for D01502934C089EA1316F659B5DBC80AE891DCA11 and 3A4BE0A37F98276B427F0EC2985475232B549B28 give detection ratios of 2/55